CVE-2022-35875

Опубликовано: 25 окт. 2022

Источник: nvd

CVSS3: 8.2

CVSS3: 9.8

EPSS Низкий

Описание

Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities.This vulnerability arises from format string injection via the wpapsk configuration parameter, as used within the testWifiAP XCMD handler

Ссылки

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1581
Exploit
Technical Description
Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1581
Exploit
Technical Description
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:goabode:iota_all-in-one_security_kit_firmware:6.9x:*:*:*:*:*:*:*

cpe:2.3:o:goabode:iota_all-in-one_security_kit_firmware:6.9z:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00478

Низкий

8.2 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-134

Связанные уязвимости

GHSA-wrgw-86pw-mvrr

CVSS3: 9.8

github

больше 3 лет назад

Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities.This vulnerability arises from format string injection via the `wpapsk` configuration parameter, as used within the `testWifiAP` XCMD handler

EPSS

Процентиль: 64%

0.00478

Низкий

8.2 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-134